Title

Goals

Overview

Web User Agents typically display the padlock icon whenever a communication is secured using SSL or TLS regardless of the type of authentication provided by the certificate. Increasingly there are circumstances where it is desirable to employ encryption without third party accreditation of the certificate subject and without subjecting the user to a disruptive user experience as they are warned that the site is not secure.

Applicability

This recommendation is applicable to any web user agent interface that presents SSL security information.

Requirement | Good Practice

When presented with an end entity certificate that contains the User Experience suppression OID, Web User Agents SHOULD permit the use of SSL but present the page in a manner consistent with display of a page obtained via a non-SSL transport.

In particular all warnings about the certificate trust chain and/or expiry SHOULD be suppressed. The user should only be provided with an indication that the Web page is not secure if they have engaged in a user interface modality that indicates that a secure page is expected, for example specifying the transport as https://, or they initiate an enquiry as to the page properties.

Techniques

The Web user agent examines the SSL certificate presented. If the certificate contains the security indicator suppression OID the page is presented without any security indicators.
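The decision described above can be sketched as follows. This is an added example, not code from the proposal or from any user agent. The OID value is a placeholder because the page does not give one, and the certificate model, field names and the baseline behaviour for ordinary certificates are assumptions.

```javascript
// Added illustration; not code from the proposal or from any browser.
// The page does not give the OID value, so this is a labelled placeholder.
const SUPPRESSION_OID = "PLACEHOLDER.suppression.oid";

// Only chain[0], the end entity certificate, is consulted.
function hasSuppressionOid(chain) {
  return chain.length > 0 && chain[0].oids.includes(SUPPRESSION_OID);
}

// chain: server certificates, end entity first (modelled as {subject, oids}).
// validationErrors: strings from chain validation, e.g. "untrusted-chain", "expired".
// nav.typedHttps: the user specified https:// ; nav.pageProperties: the user
// opened the page properties dialogue.
function presentation(chain, validationErrors, nav) {
  if (!hasSuppressionOid(chain)) {
    // Assumed baseline for ordinary certificates: padlock only when validation is clean.
    return {
      useTls: true,
      padlock: validationErrors.length === 0,
      warnings: [...validationErrors],
      notSecureNotice: false,
      tlsShownInProperties: nav.pageProperties,
    };
  }
  return {
    useTls: true,   // encryption is still used
    padlock: false, // no passive security indicator
    warnings: [],   // trust chain and expiry warnings suppressed
    // Tell the user the page is not secure only when they expected security or asked.
    notSecureNotice: nav.typedHttps || nav.pageProperties,
    tlsShownInProperties: nav.pageProperties,
  };
}

// Constructed sample chains.
const routerChain = [
  { subject: "router.example", oids: [SUPPRESSION_OID] },
  { subject: "Example Issuing CA", oids: [] },
];
const oidOnIssuerOnly = [
  { subject: "shop.example", oids: [] },
  { subject: "Example Issuing CA", oids: [SUPPRESSION_OID] },
];

console.log(presentation(routerChain, ["expired"], { typedHttps: false, pageProperties: false }));
console.log(presentation(oidOnIssuerOnly, ["untrusted-chain"], { typedHttps: true, pageProperties: false }));
```

The second chain keeps its warning because the OID appears only on the issuing certificate, not on the end entity certificate.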

Dependencies

The proposal only depends on the end entity certificate in the SSL server certificate chain.

Examples (informational)

When a non-conforming implementation visits a Web page secured with a no security indicator certificate it will display the padlock icon and may display various warnings if the certificate does not meet its trustworthiness criteria, is expired, etc.

When a conforming implementation visits such a site it will use SSL if this is technically possible, will not present any warnings to the user relating to the adequacy of the certificate and will not present the padlock icon or other passive security indicator. The user will only be informed that SSL is in use if a secondary dialogue is queried (e.g. page properties).

Use-cases

In use case 10, Betty is making configuration changes on her home router. The no security indicator allows the router to ship with a certificate that chains to a trust root in the browser, avoiding the need for display of warnings related to the use of self signed certs.

In use case 18 the number of circumstances in which warning dialogs need to be displayed is reduced.

Attack resistance and limitations

The recommendation reduces the number of circumstances in which the user is given affirmative security information. No attacks are foreseen.

The one possible area of a reduction in security is that it might be considered likely to encourage CAs to issue certificates with reduced authentication criteria that chain to embedded roots. This outcome is expected regardless of whether the recommendation is expected, however.

Usability effect

Expected User behavior

The user is expected to treat more Web pages as if they were secure, reducing the circumstances in which positive security indicators and warning dialogs are required.

Disruption

The proposal reduces disruption.

Background (informational)

References

PKIX list discussion